Unfortunately, properly quoting table and field names is not worth the overhead.

This does not mean that things are not safe (especially not in the core), but now (extension) developers are responsible themselves for making sure that there are no unsanitized table or column names in query objects.